package com.admin.config.security.oa2.basicCircuit;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

//@EnableWebSecurity
//@Order(1)
public class OAuth2ResourceServerConfig extends WebSecurityConfigurerAdapter {
    protected void configure(HttpSecurity http) throws Exception{
        http
                .authorizeRequests()
                .antMatchers("/message/**").hasAuthority("SCOPE_message:read")
                .anyRequest().authenticated()
                .and()
                .oauth2ResourceServer()
                .jwt().jwkSetUri("http://localhost:8080/.well-known/openid-configuration");
    }
}
